Firewall problems for the Windows ftp client

You got sent to this site because the Taxsim processor on the Taxsim ftp server found that the file you uploaded was zero bytes in length. Here is the likely explanation.

One problem I have found at a handful of sites is a firewall that blocks certain ftp traffic. Users at the University of Washington and Emory University have both reported this. Taxsim9.ado uses the WIndows built-in command line ftp client. You can test your computer's ability to ftp to the taxsim server by asking someone with sufficient knowledge to use a command line ftp client to help you visit our site. The commands (issued in a Windows command line window) would be:

c:>ftp taxsimftp.nber.org (login as user "taxsim" with password "02138") ftp>ls

If you can't even get a login prompt, then your firewall administrator has forbidden all ftp transfers, perhaps on the grounds that ftp is obsolete and unsecure. But I haven't seen complaints about this happening. Complaints so far have been about inadvertent blocking of file transfers using the ftp default transfer method. The ftp "ls" command uses the default transfer method, so if you can login, but can't get the "ls" command to list any files then your firewall is causing problems and taxsim9.ado won't work. Since the problem is in your filewall, it will affect all ftp sites, not just ours.

I believe this failure occurs because ftp requires special rules on the firewall. It is likely that your firewall administrator thinks ftp is enabled, as it works a little differently from other protocols - it isn't just a matter of opening port 21. Inexperienced network administrators may not know this. The Wikipedia article on ftp explains ftp in detail, but the page at ipswitch.com may be clearer. I would just add that the Windows ftp client does not support passive mode which both articles suggest is the solution to firewall problems. The exact commands for enabling ftp on any firewall depend on the firewall vendor.

Some may believe that an ftp failure at our site indicates a failure in our server. I suggest visiting the famous ftp site ftp.freebsd.org using the ftp client supplied with Windows for the command line. (Use start|cmd to get a command prompt then run "ftp ftp.freebsd.org" and login as anonymous with your email address as password). If an "ls" command fails when you try it, there is no question the problem is on your computer (the windows firewall) or on your network (a broken NAT device or a overly restrictive firewall). If you can make that site work only by enabling passive mode, then that confirms that the problem is a firewall at your site. An independent tester of ftp servers is at ftptest.net. But remember, that tests our server, not your client. The problem for taxsim9.ado users running Windows is that the Windows ftp client does not support passive mode, and a few firewalls interfere with active mode.

You should really find someone with some knowledge of computers to do the tests given above. I would be glad to speak with them on the phone. My number is given below.

There are only two fixes for this problem. You can work from home - even the least expensive home router handles ftp correctly in its default setup - or you can get the computer/network administration to fix the problem at school. Anyone in an official capacity is likely to assume your use of the computer is frivolous, so you should be sure to state right at the beginning that ftp is required for coursework or research. And don't give up. Ask as many network staff as you can locate. One of them may be symphathetic, and speak up for you with the firewall administator, who is unlikely to have any knowledge of or interest in your research topic, but will be fascinated by the security problems in ftp. You will have to assure him that neither the data you supply nor the generic password we provide is confidential in any way.

Taxsim uses ftp for the file transfer because it is the only upload protocol for which Windows provides a scriptable client. Suggestions for alternatives are welcome, but should come with an installer that a novice could use. We have considerable experience with netcat, but found it unreliable for large datasets.

If you can use the "ls" command to list files on our ftp site, then a firewall probably not the problem. In that case, please write to me, including a log file for your attempt. The most helpful log file has very little in it other than the taxsim9 command, preferably with the "debug" option and "set trace on" specified in the Stata code.

If you run into problems or have questions, please follow the instructions here, in the help file and on the web page before calling me. It will greatly speed up getting to a solution.

At least one user reports that his firewall would work, but timed out after 30 minutes, limiting the size of datasets he could work with.

Daniel Feenberg
617-588-0343 (office)
617-863-0343 (Google Voice) feenberg@nber.org